summaryrefslogtreecommitdiff
path: root/smoketest
diff options
context:
space:
mode:
Diffstat (limited to 'smoketest')
-rwxr-xr-xsmoketest/scripts/cli/test_load-balancing_reverse-proxy.py118
-rwxr-xr-xsmoketest/scripts/cli/test_qos.py39
-rwxr-xr-xsmoketest/scripts/cli/test_service_pppoe-server.py9
-rwxr-xr-xsmoketest/scripts/cli/test_vpn_openconnect.py11
-rwxr-xr-xsmoketest/scripts/system/test_kernel_options.py76
5 files changed, 189 insertions, 64 deletions
diff --git a/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py
index 737c07401..c8b17316f 100755
--- a/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py
+++ b/smoketest/scripts/cli/test_load-balancing_reverse-proxy.py
@@ -180,6 +180,7 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase):
mode = 'http'
rule_ten = '10'
rule_twenty = '20'
+ rule_thirty = '30'
send_proxy = 'send-proxy'
max_connections = '1000'
@@ -192,6 +193,8 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase):
self.cli_set(base_path + ['service', frontend, 'rule', rule_ten, 'set', 'backend', bk_first_name])
self.cli_set(base_path + ['service', frontend, 'rule', rule_twenty, 'domain-name', domain_bk_second])
self.cli_set(base_path + ['service', frontend, 'rule', rule_twenty, 'set', 'backend', bk_second_name])
+ self.cli_set(base_path + ['service', frontend, 'rule', rule_thirty, 'url-path', 'end', '/test'])
+ self.cli_set(base_path + ['service', frontend, 'rule', rule_thirty, 'set', 'backend', bk_second_name])
self.cli_set(back_base + [bk_first_name, 'mode', mode])
self.cli_set(back_base + [bk_first_name, 'server', bk_first_name, 'address', bk_server_first])
@@ -222,6 +225,8 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase):
self.assertIn(f'use_backend {bk_first_name} if {rule_ten}', config)
self.assertIn(f'acl {rule_twenty} hdr(host) -i {domain_bk_second}', config)
self.assertIn(f'use_backend {bk_second_name} if {rule_twenty}', config)
+ self.assertIn(f'acl {rule_thirty} path -i -m end /test', config)
+ self.assertIn(f'use_backend {bk_second_name} if {rule_thirty}', config)
# Backend
self.assertIn(f'backend {bk_first_name}', config)
@@ -299,39 +304,86 @@ class TestLoadBalancingReverseProxy(VyOSUnitTestSHIM.TestCase):
self.cli_commit()
def test_05_lb_reverse_proxy_backend_http_check(self):
- # Setup base
- self.base_config()
-
- # Set http-check
- self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'method', 'get'])
- self.cli_commit()
-
- # Test http-check
- config = read_file(HAPROXY_CONF)
- self.assertIn('option httpchk', config)
- self.assertIn('http-check send meth GET', config)
-
- # Set http-check with uri and status
- self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'uri', '/health'])
- self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'expect', 'status', '200'])
- self.cli_commit()
-
- # Test http-check with uri and status
- config = read_file(HAPROXY_CONF)
- self.assertIn('option httpchk', config)
- self.assertIn('http-check send meth GET uri /health', config)
- self.assertIn('http-check expect status 200', config)
-
- # Set http-check with string
- self.cli_delete(base_path + ['backend', 'bk-01', 'http-check', 'expect', 'status', '200'])
- self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'expect', 'string', 'success'])
- self.cli_commit()
-
- # Test http-check with string
- config = read_file(HAPROXY_CONF)
- self.assertIn('option httpchk', config)
- self.assertIn('http-check send meth GET uri /health', config)
- self.assertIn('http-check expect string success', config)
+ # Setup base
+ self.base_config()
+
+ # Set http-check
+ self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'method', 'get'])
+ self.cli_commit()
+
+ # Test http-check
+ config = read_file(HAPROXY_CONF)
+ self.assertIn('option httpchk', config)
+ self.assertIn('http-check send meth GET', config)
+
+ # Set http-check with uri and status
+ self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'uri', '/health'])
+ self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'expect', 'status', '200'])
+ self.cli_commit()
+
+ # Test http-check with uri and status
+ config = read_file(HAPROXY_CONF)
+ self.assertIn('option httpchk', config)
+ self.assertIn('http-check send meth GET uri /health', config)
+ self.assertIn('http-check expect status 200', config)
+
+ # Set http-check with string
+ self.cli_delete(base_path + ['backend', 'bk-01', 'http-check', 'expect', 'status', '200'])
+ self.cli_set(base_path + ['backend', 'bk-01', 'http-check', 'expect', 'string', 'success'])
+ self.cli_commit()
+
+ # Test http-check with string
+ config = read_file(HAPROXY_CONF)
+ self.assertIn('option httpchk', config)
+ self.assertIn('http-check send meth GET uri /health', config)
+ self.assertIn('http-check expect string success', config)
+
+ def test_06_lb_reverse_proxy_tcp_mode(self):
+ frontend = 'tcp_8443'
+ mode = 'tcp'
+ front_port = '8433'
+ tcp_request_delay = "5000"
+ rule_thirty = '30'
+ domain_bk = 'n6.example.com'
+ ssl_opt = "req-ssl-sni"
+ bk_name = 'bk-03'
+ bk_server = '192.0.2.11'
+ bk_server_port = '9090'
+
+ back_base = base_path + ['backend']
+
+ self.cli_set(base_path + ['service', frontend, 'mode', mode])
+ self.cli_set(base_path + ['service', frontend, 'port', front_port])
+ self.cli_set(base_path + ['service', frontend, 'tcp-request', 'inspect-delay', tcp_request_delay])
+
+ self.cli_set(base_path + ['service', frontend, 'rule', rule_thirty, 'domain-name', domain_bk])
+ self.cli_set(base_path + ['service', frontend, 'rule', rule_thirty, 'ssl', ssl_opt])
+ self.cli_set(base_path + ['service', frontend, 'rule', rule_thirty, 'set', 'backend', bk_name])
+
+ self.cli_set(back_base + [bk_name, 'mode', mode])
+ self.cli_set(back_base + [bk_name, 'server', bk_name, 'address', bk_server])
+ self.cli_set(back_base + [bk_name, 'server', bk_name, 'port', bk_server_port])
+
+ # commit changes
+ self.cli_commit()
+
+ config = read_file(HAPROXY_CONF)
+
+ # Frontend
+ self.assertIn(f'frontend {frontend}', config)
+ self.assertIn(f'bind :::{front_port} v4v6', config)
+ self.assertIn(f'mode {mode}', config)
+
+ self.assertIn(f'tcp-request inspect-delay {tcp_request_delay}', config)
+ self.assertIn(f"tcp-request content accept if {{ req_ssl_hello_type 1 }}", config)
+ self.assertIn(f'acl {rule_thirty} req_ssl_sni -i {domain_bk}', config)
+ self.assertIn(f'use_backend {bk_name} if {rule_thirty}', config)
+
+ # Backend
+ self.assertIn(f'backend {bk_name}', config)
+ self.assertIn(f'balance roundrobin', config)
+ self.assertIn(f'mode {mode}', config)
+ self.assertIn(f'server {bk_name} {bk_server}:{bk_server_port}', config)
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_qos.py b/smoketest/scripts/cli/test_qos.py
index 4f41e36cd..fef1ff23a 100755
--- a/smoketest/scripts/cli/test_qos.py
+++ b/smoketest/scripts/cli/test_qos.py
@@ -697,6 +697,45 @@ class TestQoS(VyOSUnitTestSHIM.TestCase):
for config_entry in config_entries:
self.assertIn(config_entry, output)
+ def test_13_shaper_delete_only_rule(self):
+ default_bandwidth = 100
+ default_burst = 100
+ interface = self._interfaces[0]
+ class_bandwidth = 50
+ class_ceiling = 5
+ src_address = '10.1.1.0/24'
+
+ shaper_name = f'qos-shaper-{interface}'
+ self.cli_set(base_path + ['interface', interface, 'egress', shaper_name])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'bandwidth', f'10mbit'])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'default', 'bandwidth', f'{default_bandwidth}mbit'])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'default', 'burst', f'{default_burst}'])
+
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'bandwidth', f'{class_bandwidth}mbit'])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'ceiling', f'{class_ceiling}mbit'])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'match', 'ADDRESS30', 'ip', 'source', 'address', src_address])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'match', 'ADDRESS30', 'description', 'smoketest'])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'priority', '5'])
+ self.cli_set(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'queue-type', 'fair-queue'])
+
+ # commit changes
+ self.cli_commit()
+ # check root htb config
+ output = cmd(f'tc class show dev {interface}')
+
+ config_entries = (
+ f'prio 5 rate {class_bandwidth}Mbit ceil {class_ceiling}Mbit burst 15Kb', # specified class
+ f'prio 7 rate {default_bandwidth}Mbit ceil 100Mbit burst {default_burst}b', # default class
+ )
+ for config_entry in config_entries:
+ self.assertIn(config_entry, output)
+
+ self.assertTrue('' != cmd(f'tc filter show dev {interface}'))
+ # self.cli_delete(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'match', 'ADDRESS30'])
+ self.cli_delete(base_path + ['policy', 'shaper', shaper_name, 'class', '30', 'match', 'ADDRESS30', 'ip', 'source', 'address', src_address])
+ self.cli_commit()
+ self.assertEqual('', cmd(f'tc filter show dev {interface}'))
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/cli/test_service_pppoe-server.py b/smoketest/scripts/cli/test_service_pppoe-server.py
index 5a48b1f58..97c63d4cb 100755
--- a/smoketest/scripts/cli/test_service_pppoe-server.py
+++ b/smoketest/scripts/cli/test_service_pppoe-server.py
@@ -168,7 +168,14 @@ class TestServicePPPoEServer(BasicAccelPPPTest.TestCase):
conf = ConfigParser(allow_no_value=True, delimiters='=')
conf.read(self._config_file)
- self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,-1:300')
+ self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,30:300')
+
+ self.set(['pado-delay', 'disable', 'sessions', '400'])
+ self.cli_commit()
+
+ conf = ConfigParser(allow_no_value=True, delimiters='=')
+ conf.read(self._config_file)
+ self.assertEqual(conf['pppoe']['pado-delay'], '10,20:200,30:300,-1:400')
if __name__ == '__main__':
diff --git a/smoketest/scripts/cli/test_vpn_openconnect.py b/smoketest/scripts/cli/test_vpn_openconnect.py
index 96e858fdb..a2e426dc7 100755
--- a/smoketest/scripts/cli/test_vpn_openconnect.py
+++ b/smoketest/scripts/cli/test_vpn_openconnect.py
@@ -210,6 +210,9 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
# Verify configuration
daemon_config = read_file(config_file)
+ # Verify TLS string (with default setting)
+ self.assertIn('tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1"', daemon_config)
+
# authentication mode local password-otp
self.assertIn(f'auth = "plain[passwd=/run/ocserv/ocpasswd,otp=/run/ocserv/users.oath]"', daemon_config)
self.assertIn(f'listen-host = {listen_ip_no_cidr}', daemon_config)
@@ -253,5 +256,13 @@ class TestVPNOpenConnect(VyOSUnitTestSHIM.TestCase):
self.assertIn('included-http-headers = Pragma: no-cache', daemon_config)
self.assertIn('included-http-headers = Cache-control: no-store, no-cache', daemon_config)
+ # Set TLS version to the highest security (v1.3 min)
+ self.cli_set(base_path + ['tls-version-min', '1.3'])
+ self.cli_commit()
+
+ # Verify TLS string
+ daemon_config = read_file(config_file)
+ self.assertIn('tls-priorities = "NORMAL:%SERVER_PRECEDENCE:%COMPAT:-RSA:-VERS-SSL3.0:-ARCFOUR-128:-VERS-TLS1.0:-VERS-TLS1.1:-VERS-TLS1.2"', daemon_config)
+
if __name__ == '__main__':
unittest.main(verbosity=2)
diff --git a/smoketest/scripts/system/test_kernel_options.py b/smoketest/scripts/system/test_kernel_options.py
index 0e3cbd0ed..18922d93d 100755
--- a/smoketest/scripts/system/test_kernel_options.py
+++ b/smoketest/scripts/system/test_kernel_options.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2020-2023 VyOS maintainers and contributors
+# Copyright (C) 2020-2024 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -14,28 +14,38 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
-import gzip
import re
import os
import platform
import unittest
-from vyos.utils.process import call
-from vyos.utils.file import read_file
-
kernel = platform.release()
-config = read_file(f'/boot/config-{kernel}')
-CONFIG = '/proc/config.gz'
class TestKernelModules(unittest.TestCase):
""" VyOS makes use of a lot of Kernel drivers, modules and features. The
required modules which are essential for VyOS should be tested that they are
available in the Kernel that is run. """
+ _config_data = None
+
+ @classmethod
+ def setUpClass(cls):
+ import gzip
+ from vyos.utils.process import call
+
+ super(TestKernelModules, cls).setUpClass()
+ CONFIG = '/proc/config.gz'
+
+ if not os.path.isfile(CONFIG):
+ call('sudo modprobe configs')
+
+ with gzip.open(CONFIG, 'rt') as f:
+ cls._config_data = f.read()
+
def test_bond_interface(self):
# The bond/lacp interface must be enabled in the OS Kernel
for option in ['CONFIG_BONDING']:
- tmp = re.findall(f'{option}=(y|m)', config)
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
self.assertTrue(tmp)
def test_bridge_interface(self):
@@ -43,7 +53,7 @@ class TestKernelModules(unittest.TestCase):
for option in ['CONFIG_BRIDGE',
'CONFIG_BRIDGE_IGMP_SNOOPING',
'CONFIG_BRIDGE_VLAN_FILTERING']:
- tmp = re.findall(f'{option}=(y|m)', config)
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
self.assertTrue(tmp)
def test_dropmon_enabled(self):
@@ -53,47 +63,53 @@ class TestKernelModules(unittest.TestCase):
'CONFIG_BPF_EVENTS=y',
'CONFIG_TRACEPOINTS=y'
]
- if not os.path.isfile(CONFIG):
- call('sudo modprobe configs')
- with gzip.open(CONFIG, 'rt') as f:
- config_data = f.read()
for option in options_to_check:
- self.assertIn(option, config_data,
- f"Option {option} is not present in /proc/config.gz")
+ self.assertIn(option, self._config_data)
def test_synproxy_enabled(self):
options_to_check = [
'CONFIG_NFT_SYNPROXY',
'CONFIG_IP_NF_TARGET_SYNPROXY'
]
- if not os.path.isfile(CONFIG):
- call('sudo modprobe configs')
- with gzip.open(CONFIG, 'rt') as f:
- config_data = f.read()
for option in options_to_check:
- tmp = re.findall(f'{option}=(y|m)', config_data)
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
self.assertTrue(tmp)
def test_qemu_support(self):
- for option in ['CONFIG_VIRTIO_BLK', 'CONFIG_SCSI_VIRTIO',
- 'CONFIG_VIRTIO_NET', 'CONFIG_VIRTIO_CONSOLE',
- 'CONFIG_VIRTIO', 'CONFIG_VIRTIO_PCI',
- 'CONFIG_VIRTIO_BALLOON', 'CONFIG_CRYPTO_DEV_VIRTIO',
- 'CONFIG_X86_PLATFORM_DEVICES']:
- tmp = re.findall(f'{option}=(y|m)', config)
+ options_to_check = [
+ 'CONFIG_VIRTIO_BLK', 'CONFIG_SCSI_VIRTIO',
+ 'CONFIG_VIRTIO_NET', 'CONFIG_VIRTIO_CONSOLE',
+ 'CONFIG_VIRTIO', 'CONFIG_VIRTIO_PCI',
+ 'CONFIG_VIRTIO_BALLOON', 'CONFIG_CRYPTO_DEV_VIRTIO',
+ 'CONFIG_X86_PLATFORM_DEVICES'
+ ]
+ for option in options_to_check:
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
self.assertTrue(tmp)
def test_vmware_support(self):
for option in ['CONFIG_VMXNET3']:
- tmp = re.findall(f'{option}=(y|m)', config)
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
self.assertTrue(tmp)
def test_container_cgroup_support(self):
- for option in ['CONFIG_CGROUPS', 'CONFIG_MEMCG', 'CONFIG_CGROUP_PIDS', 'CONFIG_CGROUP_BPF']:
- tmp = re.findall(f'{option}=(y|m)', config)
+ options_to_check = [
+ 'CONFIG_CGROUPS', 'CONFIG_MEMCG',
+ 'CONFIG_CGROUP_PIDS', 'CONFIG_CGROUP_BPF'
+ ]
+ for option in options_to_check:
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
+ self.assertTrue(tmp)
+
+ def test_ip_routing_support(self):
+ options_to_check = [
+ 'CONFIG_IP_ADVANCED_ROUTER', 'CONFIG_IP_MULTIPLE_TABLES',
+ 'CONFIG_IP_ROUTE_MULTIPATH'
+ ]
+ for option in options_to_check:
+ tmp = re.findall(f'{option}=(y|m)', self._config_data)
self.assertTrue(tmp)
if __name__ == '__main__':
unittest.main(verbosity=2)
-